in_collectd: reject parts with length < 4 and fix null-terminator OOB

[TristanInSec]

The collectd binary protocol parser enters an infinite loop when it
receives a part with part_len=0: the loop counters are not advanced
and the while condition remains true forever. A single 4-byte UDP
packet can permanently hang the worker thread.

Additionally, the null-terminator check for string parts reads one
byte past the end of the received data (ptr[size] where size =
part_len - 4 accesses buf[part_len], which is past the buffer when
the last part fills exactly to the end).

Fix both by rejecting parts with part_len < 4 (minimum valid part
is 4 bytes: 2 type + 2 length) and checking ptr[size - 1] instead
of ptr[size] for the null terminator.

Summary by CodeRabbit

• Bug Fixes
  • Strengthened validation of incoming network packet parts to reject malformed or truncated parts before processing.
  • Improved detection and handling of text fields to avoid out-of-bounds memory reads and potential crashes.

[coderabbitai]

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: 7678d006-6d9b-45ac-962e-56bab0ad896e

📥 Commits

Reviewing files that changed from the base of the PR and between 0b23d1d and dab2e75.

📒 Files selected for processing (1)

• plugins/in_collectd/netprot.c

🚧 Files skipped from review as they are similar to previous changes (1)

• plugins/in_collectd/netprot.c

---

📝 Walkthrough

Walkthrough

The PR hardens the collectd protocol parser in netprot_to_msgpack() by adding early validation for part lengths and replacing unsafe NUL-termination checks with in-bounds checks for string parts.

Changes

Parsing security and bounds fixes

Layer / File(s)	Summary
Part length validation plugins/in_collectd/netprot.c	Parser now rejects parts where part_len < 4 or remaining buffer size len < part_len, emitting "invalid part length" error early.
NUL-termination bounds safety plugins/in_collectd/netprot.c	String parts (PART_HOST, PART_PLUGIN, PART_PLUGIN_INSTANCE, PART_TYPE, PART_TYPE_INSTANCE) now check size > 0 && ptr[size - 1] == '\0' instead of reading out-of-bounds at ptr[size].

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~10 minutes

Suggested labels

backport to v4.2.x

Suggested reviewers

• cosmo0920

Poem

A fuzzy fix for collectd's way,
We validate before we parse, hooray!
Bounds checks keep our strings safe and sound,
No sneaky reads past buffer's bound. 🐰✨

🚥 Pre-merge checks | ✅ 5

✅ Passed checks (5 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title accurately summarizes the two main changes: rejecting parts with length < 4 and fixing null-terminator out-of-bounds access.
Docstring Coverage	✅ Passed	Docstring coverage is 100.00% which is sufficient. The required threshold is 80.00%.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[edsiper]

@TristanInSec would you please sign off the commits ? (DCO error / git commit -s ...)

[TristanInSec]

Hi @edsiper @cosmo0920 -- just checking in on this batch (#11849-#11856). All 7 have DCO passing and Cosmo0920's approval. Is there anything else needed from my side to get these merged? Thanks!